Joe McKendrick

Roundtable Transcript: 'SOA Value is Unreachable Without Governance'

The following is the full transcript of the roundtable discussion held between Miko Matsumura, vice president and deputy chief technology officer for Software AG, John Favazza, vice president of research and development for WebLayers, Inc., and myself at ebizQ's SOA in Action conference. (Link to audio Webcast here.)

Joe McKendrick: How has the scope and mission of SOA as we know it changed due to the recent economy?

John Favazza: It's interesting, because we have seen the economic climate has affected the SOA projects that are out there, but we haven't seen any customers cancel their plans. We've seen them maybe slow down the projects they are working on, so they push out their timetables. But really the customers are taking two different approaches... some are locking things down and becoming more tactical. So how do they do the projects that they need to do with fewer resources?

Then we have this other group of customers, it's a smaller group, and they've actually used this downturn to focus on strategic initiatives. Their plan was when the economy starts ticking back... they're going to be well prepared. So it's really two different categories that people have fallen into.

One of the things driving the SOA pattern during this contracting time is really around things like mergers and acquisitions. We're seeing a lot of market consolidation, IT integration efforts consolidation and removal of redundancies. What I would call size and scale benefits. Impacting things like cost, which I think continue to be very vibrant at this time as we start to shift to a tone of economic recovery. We see people who are investing in expanding their capacities and capabilities going forward.

Joe: We're moving into an economic recovery period. Does SOA have a role to play in this? Is SOA going to be part of companies' strategies as they look to regain market share?

Miko: I want to comment quickly on that. The title of this section is called SOA value is unreachable without governance. I really want to come back to that begging the question aspect of that which is the value.

The thing that I think is really important from a growth perspective is really this notion of complex demand as an organization grows to a significant size. What essentially happens is they experience this market fragmentation, which is that they have to expand to new customers, they have to start to verticalize, geographically localize, grew and more niche versions of products and services.

All of these kinds of transformations, and also the consumption pattern of business process, drives complex consumption of IT capabilities. So from my perspective the management of complex demand is going to be a driver of economic growth for large organizations. Because ultimately managing complex demand for IT is going to amplify the amount of different consumption patterns of the capabilities of the companies. Basically it means you have more channels, you have more leverage, more reach, and more mass customization. Capabilities to serve a much larger number of potential customer silos, which is part of the fragmentation that comes with the size of enterprise.

John: As the economy grows, there's going to be more pressure on the IT organizations that are there today. We're seeing a lot of them become more distributed. Now there are groups all over the world. And there are partners, and there's outsourcing. So IT itself is completely distributed. The reason we think that governance is so important is now there are teams all over the world, and there are all these technologies. The governance needs to be automated across all these different groups to make sure the policy enforcement is done more appropriately.

Also people need to work more agile to be more effective. They need to have these distributed teams and govern across all of them.

Joe: SOA governance has been a tough nut to crack. There are business issues. There is the technical aspect -- registry/repository is also an area that has required a lot of work. There was a lot of this work taking place before the downturn. Are these still issues that are out there? If so, what needs to be done at this point?

Miko: From my vantage point, the thing we need to focus on here is not so much the kind of, we'll get to the piece parts later on in this discussion. I want to make sure we have an understanding of the problem set first. The thing that John alluded to is this fragmentation of organization and fragmentation of technology base. To me, that's really essential to be a starting point of this whole discussion. What we're trying to discuss here is this notion that SOA value is unreachable without governance. Before we talk about this whole supposition... about tools, service management paradigms, etc., before we get to the infrastructure issue, I think it's very important to understand the organization.

I talked about how large growing organizations run into these growth problems around market fragmentation. They also have technology fragmentation, and technology fragmentation...

People are originally drawn into SOA through this concept of technology silos. They may not be realizing that the technology silos are directly connected to organizational silos, what I call tribes. This is explained in my book, SOA Adoption for Dummies, visible at miko.com/book.

This is the central topic of governance. The central topic of governance is when an organization reaches a certain size, when it breaks into subgroups, IT is amalgamated and broken into silos. That's the SOA problem. So the SOA value is being able to sustain the competitive advantage of size, but also to be able to continue to compete in the marketplace. Consolidate, but be able to manage within an environment where you have separation of platform, mission, political friction, deterioration of enterprise architecture. Then we can start pulling it back into how do we fix this problem.

Joe: Is it possible a company may be too big for SOA?

Miko: Paolo Malinverno, the Gartner analyst, wrote a paper called not "SOA is dead," but "Let's Face It, SOA is Inevitable." All of these negative consequences of size, scale and longevity that come with even the word enterprise, all these negative consequences have to be mitigated in order to take advantage of being big. Global extended reach... mass buying power... there are tremendous benefits in being big.

But unless you can really coordinate and align multiple tribes and silos, you're going to be a failure competitively. As we move into the growth stage, the fragmentation of your market will be difficult to address, because you will have single point solutions. For every single niche market, and it will lead to this completely unattainable mass.

There's no such thing as too big for SOA. From my view SOA is a response to being big, and how to manage IT in a climate where things are growing, and where you're a little bit too big to do the same old tricks as you used to.

John: SOA is inevitable. What we've seen is that some of the customers we talk to weren't even planning to start their SOA initiative yet, and what they found out as they looked around within their organization, people were already building services. Even though it wasn't full SOA, the service enablement was happening organically. So it was happening, even though they weren't ready for it.

So those are the people that were having the most problems: they didn't plan up front, and they decided to take these services and the things that had grown organically and try to retrofit them into a SOA. And because of that, it was doomed to fail. A lot of times what they would do is they would try to get very aggressive, and their plans would get very aggressive.

A company can be too big for SOA, but they have to plan their schedule, and make it something they can achieve. The old saying, "you don't want to boil the ocean," and that's exactly what some people try to do -- start small, and build upon your successes.

Joe: I heard it said that the development of SOA closely tracks growth of the Internet. The Internet is a series of islands of networks springing up. The Internet was basically the inevitable convergence of these islands of network. Various islands of services. Now the challenge is to bring those islands together into an enterprise architecture.

Miko: The thing that's really intriguing about the governance proposition is that the Internet is a bit like, to use a weak analogy, a spider web, in the sense that it's built out of agreements. And there are interoperability agreements, protocol agreements. You're going to give me the data in this format, I'm going to read it in this format...

But the thing that's interesting is the weight of the agreements tends to be fairly light... there's certainly some security... HTTP... there's certainly some strength to the connection...

The thing that's intriguing about SOA... and when you start to get into the domain of governance is... the agreements that you are sort of managing... the contracts... between provider and consumer... which are the fundamental basis for governing and aligning organizational silos... they're more heavyweight... they're more heavyweight. People's jobs and budgets and headcounts are on the line...

People are executing in their own little silos against their KPIs... relationship between provider and consumer, internal or external... is going to be a different kind of relationship. So the need to create assurance and accountability, and the need to provide visibility... and manage those relationships with accountability, that comes down to the core definition of governance. And the notion that you can organize and utilize capabilities within an organization of scale... without having accountability... subunits... in a way is like... saying IT value scale is unreachable without governance.

Joe: We have a question from a listener... they're asking about best approach and strategy... in which to introduce SOA into retail banks... approaches to strategies for introducing SOA differ between sectors... or does there tend to be a common template?

Miko: Yes, there's absolutely no question. The two aspects of SOA that are important to grasp, is whether you're trying to focus on complex supply chains... which is really about... heterogeneous IT, and marshaling or corralling of IT... whether it's lifecycle development... lifecycle governance... or whether you're pushing out toward this market fragmentation problem...

...within retail banking... one thing that's a very common pattern is this principle of channel normalization. Whether you're talking about things like the branch or the mobile banking on your phone... or the web banking or ATM... or all these different channels... all these different channels have very similar kinds of service access points... people want things like account records. They want to be able to update their addresses... all these things, they would like to do them... in a common channel... in retail banking, that's one of their most common entry points...

Particularly if you have consolidation... you have these giant banks coming together... you have customers like myself... I'd like to get my Countrywide mortgage information from a... B of A website, they're the same company now... market fragmentation... industry fragmentation... and this kind of bringing that all together... into reusable capability... but I think that's a great question... how... how do you introduce... how do you execute, how do you do this... I like the way that's headed...

Joe: Governance will differ... governance more focused on the channel strategy...

Miko: Yeah, and I think that's one of the most critical adoption methodology factors. There's this sort of intergalactic approach... where you sort of summon everyone, the... gathering of the tribes... you create this United Nations within your organization... that's all well and good. But in a way... you can create a much sharper stick... if you just invite the constituencies whose life depends on these functions... if someone in a contact center is unable to update an address... of someone calling in, that can be pretty frustrating...

You laugh, of course they can do that, it's an obvious function... what if you're a Bank of America... call center operator... and this person is calling for Countrywide... customer... so it isn't always extremely obvious... That's just one example of an entry point for the business value... and then you can pull all those constituencies together into a mission critical support groups and... try to help them understand how to get there...

Joe: John, what has been your experience there? Are you seeing various flavors of SOA governance among industries?

John: We do. I think the underlying template... is very similar across all of them. They all have the same base, goals... but where the difference comes in they may have specific goals for not only the SOA but also their governance... maybe in the finance industry, their main goal may be security... or maybe interoperability. Whereas in... healthcare or some of the other industries, something else might be a higher priority... even though they all have the same base, at the end of the day, they tweak, and they tend to change their... architecture... and some of the projects they're doing based upon these goals...

Joe: The issue of ROI...how do you measure it? How do you justify what you're doing? How do you justify it to upper management and so forth? How do you capture ROI? And the role ROI plays in governance...

John: This is such an interesting question, we get this a lot... especially for WebLayers within our industry, because people want to understand if I buy your product, what is my ROI... that's just a small piece to the bigger question... if I implement SOA... what are the benefits, and how do I measure this return on investment?

I think what people need to keep in mind... two different categories of benefits in SOA... your business category... where it's things like visibility, agility... flexibility... On the other hand, you have more technical benefits... a lot more code reuse... code that's more portable, a lot more interoperability.

So you really need to be able to measure both aspects of SOA... in order to do that, you need to provide governance across the entire SDLC [Software Development Lifecycle], and across the entire lifecycle of the SOA... one thing we've noticed among our earlier customers is they would implement governance... in the early stages of the SOA and build this great architecture, and... they didn't follow a process in that part of the lifecycle, then they would hand off this architecture to a totally different team to support it... that it would break down.

Really what people need to do is govern across the lifecycle... and make sure they measure all aspects. Measure all of the artifacts, measure all of the services, and then aggregate all of that data together.

Miko: I certainly agree... that it is a best practice to establish those metrics and measurements... what I'd really like to do is pull back a little bit... one of the things that Anne Thomas Manes addressed... this feeling that SOA is dead... Part of her primary point is this notion that SOA ROI is probably not the right approach... what you really need to look at... you have to understand... first of all I talked about organizational tribes... technology fragmentation... so the question then arises, what is the business value of connecting organization tribes and technological silos? And the answer is, first of all, it depends on the situation... which is kind of a lame response, which is a typical architecture response...

When you look at your organization, what is this pattern... what is the business value of connecting one organizational subunit to another one? What I'm going to argue is what you're creating is a value chain... the most trivial case of value chain is a synchronous relationship... between two technology silos... when you go down the chain to asynchronous consumer-provider relationships... the only way the enterprise can deliver value...

When you look at the IT process, when you get into the SDLC... separate development group, separate QA group... IT itself is a silo... the entire of the SDLC... the entire IT has to then become a provider to the business... that chunk of the business could be a provider... or it could be a provider to the end customer.

You have no choice in the sense that the enterprise is so big... that there's no way you can deliver value to the customer within a single operational unit... because the single operational unit is so specialized that you have to rely and depend on external... other organizational stakeholders.

The real question I drive is what's the real value of connecting tribes and organizations... it's the value chain... I use value chain instead of the word business process... first of all doesn't encompass in some people's minds IT process... when people talk about BPM, sometimes they're talking about BPM within a siloed group... they're not talking about BPM as a way to connect multiple siloed groups... to me that's the big value... when you look for that pattern... you'll be forced to deal with... whether they be part of the IT group within the SDLC... within IT, or whether they be part of something bigger...

Joe: John discussed two levels of ROI. What's going on in IT at the technical level, code reuse. Then there's achieving business agility aspect, and the value chain Miko talks about, the ability to tie together silos and tribes to gain a more cohesive enterprise. Are we talking about agility here?

Miko: Let me correct that slightly. I would not say the ability to connect a value chain is itself agility. To me, agility is visibility and changeability to develop what we call continuous process improvement. By digitizing this human workflow and create a chain, you can then create adaptability that's not embedded down in the low-level technical services, but that you've... that you can externalize into a configurable flow... when someone creates a change within one silo ripple effects of interdependent organization and silo are sort of managed... that's another big part of the governance problem... you see that manifest in the design of the registry repository etc...

Joe: Functional SOA... how do companies know if SOA is failing? Is there a measurement for that?

Miko: I kind of want to nip this track in the bud a little bit. In some ways, some of these questions are about why and maybe some soul searching... the statistics show people aren't really soul-searching... they're actually doing it.

In terms of how you can tell it's failing, ultimately what you have to do is establish the metrics and be able to monitor. But I think that SOA failure is much less interesting to any organization than project failure. Ultimately, like it or leave it, project discipline is going to be the high order bit rather than this abstract program...

Joe: We have another question from a listener... What is the relationship between IT and SOA governance and enterprise architecture? Is there a strong relationship?

Miko: Let me address that succinctly... IT governance in most organizations is essentially an alliance between the CFO to control the costs and the CIO to run the IT organization... so when you look at the root aspects of IT governance, you end up looking at things like the ITIL system, ITSM service management paradigms and those sorts of things...

...IT governance is one aspect of managing your IT typically focused on normalizing the procedure and policies, and... controlling costs... those are the primary drivers...

The thing that's complex between EA governance and SOA governance is ultimately we would hope there's convergence... that service orientation becomes the paradigm by which all of these IT governance as well as EA governance paradigms become achievable.

Service orientation enables you to provide relationships and enforce them. That is a basic pattern that enables you to realize the goals of IT governance and realize the goals of EA governance. They're certainly fairly overlapping terms. Ultimately, you have to look at the school from which they arise, and the kind of mental models which they represent.

John: Do you see a close relationship? I do. And I agree with what Miko is saying. At the end of the day when we think of governance, whether it's IT governance, enterprise architecture, SOA... the root of governance is policies... I have a collection of policies, whether it's corporate policies, or they're... standards... and I need to enforce them... in very generic terms, that's governance across all those different types. They may be a little different... they may have different flavors within each group... at the end of the day, they're going to all be converging. So you're going to worry about IT governance... then you're going to also worry about architecture... so those are the pieces of the larger puzzle.

Joe: Another question from a listener. Given the fluid nature of business... fragmented nature of IT to support tribes... why there hasn't been more urgency on the use of standards... to drive the commoditization of infrastructure? Isn't this...

Miko: What I meant to address here is that a standard is an agreement between a whole federation of providers and consumers, and the scope of a standard is very important within our enterprise, we're going to use CORBA or whatever. This notion that you can scope a bunch of providers and consumers and say this is the standard for our federation, those are enabling technologies. The question of governance becomes, how do you ensure that people providing services are interoperable?

Registry/repository is a great enforcement point. For such policies, to ensure that people are following these agreements, because a standard is just an agreement, not just between one consumer and provider, but goes across a federated group.

Joe: Another question... runtime policy definitions will be mature?... run them across PEPs, or policy enforcement points... from different vendors?

Miko: My concern there is it's one of those Venn diagram problems... there are core standards that will be common across policy enforcement point vendors... the market will consolidate around the runtime vendors... but ultimately it's the responsibility of the registry repository vendors... to develop essentially more of a relationship with vendors in the runtime...

...if you look at the CentraSite community from Software AG... we have interoperability and we can drive policy management to dozens of different kind of runtime environments... we use WS-Policy and WS-PolicyAttachment... but given the... variability... in the scope of that standards, it's different enforcement points... the paradigm I see emerging is not sort of one policy definitional standard for all... you're going to have to rely on your registry repository policy vendor... to drive... your intention in your policy enforcement system, through interoperability...

John: I definitely agree with Miko... that's a great way to share the policy definitions across the different PEPs... but the root problem is the policy itself... the implementation or the dialect of the policy can be in many different languages, and that's the one thing that has not been standardized... how can I write my policy in such a way that any enforcement point can understand it... today there is no one such language, and maybe there will be one down the road... at this point, what you need to do... is support the ability to go across them and then have different implementation that can work in the enforcement points...

Miko: At the end of the day... the concern I have about universal policy language... is that policy is so broad of a scope... there are going to be corner cases... you're really creating a Turing complete expression language semantic up in the cloud layer... if you're going to have fragmentation just because of commercial interests... Java and .NET, you're going to have that all over again... I don't think there's ever going to be a universal standard... for all possible policy articulation.

John: I agree.

Joe: We have an interesting question. Listener asks if there will ever be alignment with project management goals? Alignment between tools and processes of the SOA governance teams and project management office and SOA?

Miko: I think that we're seeing some amazing alliances between PMO... and EA in the sense that PMO is sort of the approval choke point of all projects... actually is now starting to potentially open up... to EA with respect to this notion to getting architectural review... if you're going to open up... outside of the program service... you have to answer to EA and PMO together...

The third link of the chain here that is happening at the enterprise level... we're also seeing procurement in here... so procurement is stepping up and saying, you're going to buy what to do what? They're playing a role, because ultimately at the end of the day the enterprise is going to have to pay the bill... when it comes to non-interoperable solutions... that come from really scattered dispersed vendors... that's inevitable as well... PMO, procurement, EA... there's a lot of interesting enterprise level connections...

John: We're also starting to see a lot of customers that not only want to govern the different components and services that make up their SOA, ... they want to start governing the process itself... so they want to write policies that govern how people are building... and I do see that as eventually a lot of these project management tools and capabilities... will merge with a lot of these governance technologies...

Joe: Unfortunately, we're running out of time. John and Miko, can you provide three points to consider in SOA governance in the year ahead?

John: First thing I would say is always remember to govern across all the different silos and different groups. I would say to prepare your governance plan up front... decide on what your goals are, and make sure you can measure and monitor those goals. Start small and grow. And build upon your successes...

Miko: To me, it's difficult to compress a huge amount of information... I'm actually going to push again, a lot of questions around how... and ultimately this notion of how do you do it... I've put a lot of information into the SOA Adoption for Dummies book as a methodology... miko.com/book... I'd be happy if people could communicate with me and read the book... and get some information from there. If you need to download it, go to miko.com/book, and get to the book and download it for free...

In this blog (formerly known as "SOA in Action"), Joe McKendrick examines how BPM and related business and IT approaches can promote business transformation.

Joe McKendrick is an author and independent analyst who tracks the impact of information technology on management and markets. Joe speaks frequently at industry events and Webcasts, authors ZDNet's SOA blog and serves as lead analyst and author of Evans Data Corp.'s highly regarded bi-annual SOA/Web Services survey. Joe writes a regular column for Database Trends & Applications, and has authored numerous research reports in partnership with Unisphere Research for a variety of user groups. In a previous life, he served as director of the Administrative Management Society (AMS), an international professional association dedicated to advancing knowledge within the IT and business management fields.